diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..b88b38921f4
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 4.x.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+Should you discover a vulnerability, you should not open an issue. Please email
+[hello-open-commerce@mailchimp.com](mailto:hello-open-commerce@mailchimp.com). We will work with you directly
+and correct the vulnerability and then make an annoucement once a release is available.